BankInfoSecurity
May 20, 2021
@prajeetspeaks • April 26, 2021
An update pushed out earlier this year by law enforcement agencies, including Europol, on Sunday began erasing Emotet malware from infected devices worldwide, according to a blog posting from Malwarebytes.
The “update” file - a customized DLL file called EmotetLoader.dll - was activated on infected devices to erase the malware, Malwarebytes reports.
Europol has not issued an announcement on the action and did not immediately reply to Information Security Media Group's request for comment.
Today at 1:00 PM, our #Emotet-infected machine that had received the special law enforcement file triggered its uninstallation routine.
Emotet Malware Automatically Uninstalled
The law enforcement agencies behind this week's disruption - dubbed “Operation Ladybird” - of Emotet are helping victims by pushing out an update via the botnet’s infrastructure that will disconnect their devices from the malicious network.
Europol describes Emotet as “one of the most professional and long-lasting cybercrime services.” Its operators used the botnet to gain entry into organizations worldwide and then sold that access to other cybercrime gangs, who used it for their own nefarious purposes, such as delivering ransomware and banking Trojans, according to Europol and security researchers. “What makes this takedown interesting is how Europol managed to push out an updated botnet to infected hosts, redirecting them away from the malicious infrastructure,” says Marc Laliberte, senior security analyst at the security firm WatchGuard Technologies. “Instead of only taking down the servers responsible for distributing the malware, international l